This is a multi-part message in MIME format. --------------070307000107030707080400 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I've figured it out - finally - the issue is/was that I added a virtual interface to the bridge interface on startup. I added the "ovirtmgmt:1" interface to be able to get to the VMs which are on a completely different network range - to fix it, i had to remove the virtual interface (unfortunately), detached the ovirtmgmt interface from eth0 and then re-attached and voila, all good again ... i did a restart of the HV (node) just in case ;) .. Alex On 11/07/2012 09:47 AM, Itamar Heim wrote:
On 11/07/2012 01:37 AM, Alex Leonhardt wrote:
I think this post I just found is related to my issue :
http://www.mail-archive.com/users@ovirt.org/msg03010.html
at the bottom it explains how changing the "display network" can break spice ...
you can tell the spice client the subject of the certificate to expect, regardless of the ip you are connecting to.
i'll try the removal of the host and re-adding (hopefully my VMs are safe!)
Alex
On 11/06/2012 11:55 PM, Alex Leonhardt wrote:
Yep, found it - and it's related to this site / update to spice here :
http://spice-space.org/page/SSLConnection
but now i get :
$ spicec -h 192.168.1.21 -s 5901 Error: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1) 140370158261576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:338: Warning: SSL Error:
I belive that's got something to do with trying to use ssl3 (as the ca cert is ssl v3) instead of ssl v2 ...
Alex
On 11/06/2012 11:42 PM, Alon Bar-Lev wrote:
----- Original Message -----
From: "Alex Leonhardt"<alex.tuxx@gmail.com> To: "Alon Levy"<alevy@redhat.com> Cc:spice-devel@lists.freedesktop.org,users@ovirt.org Sent: Wednesday, November 7, 2012 1:35:09 AM Subject: Re: [Users] [Spice-devel] Unable to establish spice session
This is what i receive when trying to launch it manually :
$ spicec -h 192.168.1.21 -p 5901 -s 5901
Error: SSL_CTX_load_verify_locations failed CA_file=/home/user/.spicec/spice_truststore.pem 140141786060104:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('/home/user/.spicec/spice_truststore.pem','r')
140141786060104:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:129 : 140141786060104:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279: Warning: SSL Error:
Alex
You need --ca-file parameter. Download the certificate usinghttp://engine/ca.crt
Alon
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--------------070307000107030707080400 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <font size="-1"><font face="Tahoma">I've figured it out - finally - <br> <br> the issue is/was that I added a virtual interface to the bridge interface on startup. I added the "ovirtmgmt:1" interface to be able to get to the VMs which are on a completely different network range - to fix it, i had to remove the virtual interface (unfortunately), detached the ovirtmgmt interface from eth0 and then re-attached and voila, all good again ... i did a restart of the HV (node) just in case ;) .. <br> <br> Alex<br> <br> </font></font><br> On 11/07/2012 09:47 AM, Itamar Heim wrote: <blockquote cite="mid:509A2E31.7090802@redhat.com" type="cite">On 11/07/2012 01:37 AM, Alex Leonhardt wrote: <br> <blockquote type="cite">I think this post I just found is related to my issue : <br> <br> <a class="moz-txt-link-freetext" href="http://www.mail-archive.com/users@ovirt.org/msg03010.html">http://www.mail-archive.com/users@ovirt.org/msg03010.html</a> <br> <br> at the bottom it explains how changing the "display network" can break <br> spice ... <br> </blockquote> <br> you can tell the spice client the subject of the certificate to expect, regardless of the ip you are connecting to. <br> <br> <blockquote type="cite"> <br> i'll try the removal of the host and re-adding (hopefully my VMs are safe!) <br> <br> Alex <br> <br> On 11/06/2012 11:55 PM, Alex Leonhardt wrote: <br> <blockquote type="cite">Yep, found it - and it's related to this site / update to spice here : <br> <br> <a class="moz-txt-link-freetext" href="http://spice-space.org/page/SSLConnection">http://spice-space.org/page/SSLConnection</a> <br> <br> but now i get : <br> <br> $ spicec -h 192.168.1.21 -s 5901 <br> Error: failed to connect w/SSL, ssl_error <br> error:00000001:lib(0):func(0):reason(1) <br> 140370158261576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong <br> version number:s3_pkt.c:338: <br> Warning: SSL Error: <br> <br> I belive that's got something to do with trying to use ssl3 (as the ca <br> cert is ssl v3) instead of ssl v2 ... <br> <br> Alex <br> <br> <br> On 11/06/2012 11:42 PM, Alon Bar-Lev wrote: <br> <blockquote type="cite">----- Original Message ----- <br> <blockquote type="cite">From: "Alex Leonhardt"<a class="moz-txt-link-rfc2396E" href="mailto:alex.tuxx@gmail.com"><alex.tuxx@gmail.com></a> <br> To: "Alon Levy"<a class="moz-txt-link-rfc2396E" href="mailto:alevy@redhat.com"><alevy@redhat.com></a> <br> <a class="moz-txt-link-abbreviated" href="mailto:Cc:spice-devel@lists.freedesktop.org,users@ovirt.org">Cc:spice-devel@lists.freedesktop.org,users@ovirt.org</a> <br> Sent: Wednesday, November 7, 2012 1:35:09 AM <br> Subject: Re: [Users] [Spice-devel] Unable to establish spice session <br> <br> <br> This is what i receive when trying to launch it manually : <br> <br> $ spicec -h 192.168.1.21 -p 5901 -s 5901 <br> <br> Error: SSL_CTX_load_verify_locations failed <br> CA_file=/home/user/.spicec/spice_truststore.pem <br> 140141786060104:error:02001002:system library:fopen:No such file or <br> directory:bss_file.c:126:fopen('/home/user/.spicec/spice_truststore.pem','r') <br> 140141786060104:error:2006D080:BIO routines:BIO_new_<a class="moz-txt-link-freetext" href="file:no">file:no</a> such <br> <a class="moz-txt-link-freetext" href="file:bss_file.c:129">file:bss_file.c:129</a> : <br> 140141786060104:error:0B084002:x509 certificate <br> routines:X509_load_cert_crl_<a class="moz-txt-link-freetext" href="file:system">file:system</a> lib:by_file.c:279: <br> Warning: SSL Error: <br> <br> Alex <br> <br> </blockquote> You need --ca-file parameter. <br> Download the certificate usinghttp://engine/ca.crt <br> <br> Alon <br> </blockquote> </blockquote> <br> <br> _______________________________________________ <br> Users mailing list <br> <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <br> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> <br> <br> </blockquote> <br> <br> </blockquote> </body> </html> --------------070307000107030707080400--